Everything posted by MagicAndre1981

This is an updated tutorial of the one cluberti posted here.

To get started you need the Windows Performance Tools Kit. Read here how to install it: http://www.msfn.org/board/index.php?showtopic=146919

Now open a command prompt with admin rights and run the following commands:

For boot tracing:

xbootmgr -trace boot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

Attention: Some users reported that they get a bugcheck (BSOD) when using the DRIVERS flag in the boot trace command. If you get this, use system restore to go back to a working Windows and run the command without DRIVERS:

xbootmgr -trace boot -traceFlags BASE+CSWITCH+POWER -resultPath C:\TEMP

Also change the name in the command to generate the XML. I've sent some dumps to Microsoft, they look at the issue right now.

For shutdown tracing:

xbootmgr -trace shutdown -noPrepReboot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

For Standby+Resume:

xbootmgr -trace standby -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

For Hibernate+Resume:

xbootmgr -trace hibernate -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

Replace C:\TEMP with any temp directory on your machine as necessary to store the output files.

All of these will shutdown, hibernate, or standby your box, and then reboot to finish tracing. Once Vista/Server 2008(R2) or Windows 7 does reboot, log back in as necessary and once the countdown timer finishes, you should now have some tracing files in C:\TEMP. If asked, upload or provide the file(s) generated in C:\TEMP (or the directory you chose) on a download share for analysis.

Analyses of the boot trace:

To start, create a summary xml file. Run this command (replace the name with the name of your etl file):

xperf /tti -i boot_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_boot.xml -a boot

Now you see this picture:

You have to look at the timing node. All time values are in ms. The value timing bootDoneViaExplorer shows the time Windows needs to boot to the desktop. The value bootDoneViaPostBoot is the time (+10s idle detection) which Windows needs to boot completely after finishing all startup applications. Those values show you a summary.

The MainPathBoot Phase

PreSMSS Subphase

So if the time takes too long for you, look inside the <PNP> node which driver is loading too slowly.

SMSSInit Subphase

So if the SMSSInit Phase takes too long, try to get a graphic card driver update.

WinLogonInit Subphase

If you have too long WinLogonInit Time, open the etl file and scroll to the service graph and look for a long delay. In this example the service SavService (Sophos Anti-Virus\SavService.exe) is part of the Plug and Play group and causes a delay because the service takes too long to start. Try to get an update for the hanging service or remove the software.

ExplorerInit Subphase

So if the ExplorerInit phase takes too long, make sure you minimize the services which use a lot of CPU power and make sure your AV Tool doesn't hurt too much. If it doesn't, change the tool and try a different one.

The PostBoot Phase

If post boot takes too long, reduce the number of running applications at startup with the help of msconfig.exe or AutoRuns.

When you have a HDD (no SSD!) and you want to speed up the boot, run the optimization from this guide: http://www.msfn.org/board/index.php?showtopic=140262

Analyses of the shutdown trace:

The shutdown is divided into these 3 parts:

To generate an XML summary of shutdown, use the -a shutdown action with Xperf:

xperf /tti -i shutdown_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_shutdown.xml -a shutdown

Open the XML and you see this:

It shows you the most relevant data.

<timing shutdownTime="23184" servicesShutdownDuration="1513">

The shutdownTime is in this example 23s. Stopping the services takes 1.5s which is fast. Next you have an entry for all sessions. Starting with Vista, all services run in Session 0 (Session 0 Isolation) and each user gets his own Session (1,2,..,n).

<sessionShutdown sessionID="1" duration="3321">

shows the time which it takes to stop all applications which the user is running. In this example it takes 3.3 seconds.

UserSession Phase

<sessionShutdown sessionID="0" duration="1513">

The value sessionShutdown sessionID="0" shows the servicesShutdownDuration. So you can see which service takes too long to stop.

SystemSession Phase

In both cases expand the node and look at the shutdownDuration value. It helps you to identify a hanging application or service.

KernelShutdown Phase

To calculate the time spent in KernelShutdown, subtract the time that is required to shut down the system and user sessions from shutdownTime.

In my example: KernelShutdown = 23184 - 3321 - 1513 = 18350

In this case the 18.35 seconds are very slow. In the <interval> you see an entry ZeroHiberFile which takes too long. In this example the user set the option ClearPageFileAtShutdown under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management to 1. This overwrites the hibernation file with 0 to delete personal data. This causes the huge slowdown. Setting this option to 0 would save 12.64 seconds of shutdown time.

That is all you need to analyze slow shutdown issues.

Analyses of the Hibernation trace:

To generate the XML, run this command:

xperf /tti -i hibernate_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_hibernation.xml -a suspend

Analyses of the Sleep/Resume trace:

xperf /tti -i standby_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_sleep.xml -a suspend

Open the XMLs and look for long BIOS init times and services/applications which take very long to suspend and resume.

For deeper analysis refer to the Sleep and Hibernate Transitions part of the Windows On/Off Transition Performance Analysis Guide from Microsoft.

The pictures Shutdown_cancel.png, Shutdown_picture.png and Boot_MainPathBoot.png were taken from this Windows On/Off Transition Performance Analysis Guide. Read it if you need more information.

// Edit: 2010-11-28 Added the explanation of the boot process
// Edit: 2010-10-11 Added the optimization guide
// Edit: 2010-10-09 If you get a BSOD (Bug Check 0x7E: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED) while making traces, REMOVE ALL USB DEVICES and reboot! When making a new trace remove the DRIVERS flag from the command line!
// Edit: 2010-02-04 Added the -noPrepReboot command at shutdown tracing to prevent the preparatory reboot during a shutdown/rebootCycle trace. Usually, the reboot is required to ensure a consistent machine state before the first shutdown if multiple traces are being taken.
// Edit: 2010-05-08 Added the link to the Visual Studio 2010 Diagnostic Tool as alternative download to get the Windows Performance Toolkit Installers. Added some pictures.

Hi, this is my second part of the series "What is the UAC".

People always disable the UAC because there is no way to disable the UAC for a specific program. Is this really true? No, it is not true. There is a built-in way to do this!

Q: How can I do this?
A: Use the Task Scheduler.

1. Start the computer management MMC snap-in.
2. This step is optional: go to Task Scheduler Library and make a right click and click "New Folder" (see picture 2) and type in "myTasks" to create a new folder (see picture 3).
3. Make a right click on the folder myTasks and select "Create Task" and type in a name: I always name them "autoElevatePROGRAMNAME". Here for my example "autoElevateProcessExplorer". Mark the checkbox "Run with highest privileges".
4. Go to the tab "Actions" and select the program you want to execute and click ok, to create the task.
5. Create a new shortcut on your desktop and type in the following command:

C:\Windows\System32\schtasks.exe /RUN /TN "myTasks\autoElevateProcessExplorer"

Q: Do I have to do this for all programs I want to start?
A: Yes

Q: How do I backup my tasks?
A: Make a right click on the task and select "Export" and save it into an XML file. After a reinstall of your Windows Vista / 7 select "Import Task" and import the XML file again.

Q: How do I start applications with administrator rights at startup?
A: You can copy the shortcut into the startup folder ( C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup ) or run the task with a trigger (in the task creation window go to "triggers" and select "create Trigger" and choose "Begin the task" - "At logon"). If you create such a trigger you don't have to put the shortcut into the startup folder.

So I hope I was able to show you how to start applications with elevated rights, without disabling the UAC and without being "annoyed" to accept the UAC prompt. I have been using this technique for 3 years (starting with Vista Beta2 Milestone Builds) now.
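An audit check for tasks like the one above, as an added example that is not part of the original post: a task with "Run with highest privileges" starts its program elevated without a prompt for anything that can call schtasks /RUN as that user, so the program file should sit in a directory standard users cannot modify. The code reads the XML produced by the task "Export" function; the executable path C:\Tools\procexp.exe in the sample and the list of protected directories (default ACLs, system drive C:) are assumptions.

```python
import ntpath
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler XML exports.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Assumption: default ACLs and system drive C:, so standard users cannot
# write below these directories.
PROTECTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def is_protected_path(command):
    """True if the executable lives in a directory only admins can modify."""
    path = ntpath.normpath(command.strip().strip('"')).lower()
    if "%" in path or not ntpath.isabs(path):
        return False  # unresolved variable or relative path: treat as unverified
    return path.startswith(PROTECTED_PREFIXES)


def audit_task(xml_data):
    """Return one finding per Exec action that runs with the highest run level.

    xml_data is the exported task as str or bytes (real exports are UTF-16,
    so read them in binary mode and pass the bytes).
    """
    root = ET.fromstring(xml_data)
    uri = root.findtext("t:RegistrationInfo/t:URI", "(no URI)", NS)

    # Principals that request the elevated token.
    elevated = {}
    for principal in root.findall("t:Principals/t:Principal", NS):
        if principal.findtext("t:RunLevel", "LeastPrivilege", NS) == "HighestAvailable":
            elevated[principal.get("id")] = principal.findtext("t:LogonType", "", NS)

    findings = []
    for actions in root.findall("t:Actions", NS):
        context = actions.get("Context")
        if context not in elevated:
            continue
        for exec_node in actions.findall("t:Exec", NS):
            command = exec_node.findtext("t:Command", "", NS)
            findings.append({
                "task": uri,
                "command": command,
                "logon_type": elevated[context],
                "protected_path": is_protected_path(command),
            })
    return findings


# Constructed sample shaped like an export of the task from the post; the
# executable path is made up for illustration.
SAMPLE_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\myTasks\autoElevateProcessExplorer</URI></RegistrationInfo>
  <Principals>
    <Principal id="Author">
      <LogonType>InteractiveToken</LogonType>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Actions Context="Author">
    <Exec><Command>C:\Tools\procexp.exe</Command></Exec>
  </Actions>
</Task>"""

if __name__ == "__main__":
    for f in audit_task(SAMPLE_TASK):
        status = "ok" if f["protected_path"] else "REVIEW: target not in an admin-only directory"
        print(f"{f['task']} -> {f['command']} [{status}]")
```

Findings with protected_path set to False are the ones to review: move the program into an admin-only directory or tighten the ACL on its folder.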

How to get the cause of high CPU usage by DPC (Deferred Procedure Call) and interrupts?

Ok, you found this guide, because you see this:

in Process Explorer/Hacker or you run the DPC Latency Checker tool and see this:

(Attention: If you use Windows 8, don't use the "DPC Latency Checker tool". Due to internal Kernel changes in Windows 8, the "DPC Latency Checker tool" shows DPC spikes of over 1000µs all over the time. Those VALUES are not correct!) The developers of the tool try to create a Windows 8 compatible version.

Here I will tell you a) to see which driver causes the high CPU usage and b) which driver causes the spikes.

To get started you need the Windows Performance Tools Kit. Read here how to install it: http://www.msfn.org/board/index.php?showtopic=146919

Now open a command prompt with admin rights (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token), go to C:\temp (cd\temp) and run the following commands:

xperf -on latency -stackwalk profile

Now wait some time while the high DPC and interrupt usage occurs. To stop the trace run the following command:

xperf -d DPC_Interrupt.etl

This closes the trace and writes the result to the file DPC_Interrupt.etl.

In the next step, make a double click on the etl file to run the Viewer. Now wait until the 2 passes are over. Go to "Trace"->"Configure Symbol Paths" and type in the following:

srv*C:\symbols*http://msdl.microsoft.com/download/symbols

Click ok, to close the dialog.

Now go to the graphs "DPC CPU Usage" or "Interrupt CPU Usage" (depending on where you have the high CPU usage) and select the interval, make a right click and select "Load Symbols" and next click summary table.

Now, you have to accept the license agreement to download the public debugging symbols. (NOTE, THE PDBs ARE SOMETIMES VERY HUGE. BE AWARE THAT IT MAY TAKE SOME TIME IF YOU HAVE A SLOW INTERNET CONNECTION)

Here you'll see a summary of the calls.

For me the cause is the NDIS.sys. This is a part of the networking system. The usage comes for me, when I have nearly 100% network speed usage on my 100MBit LAN adapter of my notebook. In your case, you should see the driver which causes the issues.

An alternative way is to use the xperf commandline tool to dump the values into a text file:

xperf -I DPC_Interrupt.etl -a dpcisr > dpc.txt

Open the generated dpc.txt with notepad. Under "CPU Usage Summing By Module For the Whole Trace" you can see a summary of all DPC usage for each CPU core. Look here which driver is causing the high CPU usage. Look in the dumped text files for µsec values which are over 256µsec. They can be critical.

An alternative to xperf is the tool LatencyMon. It shows you the same statistic you see in the text file, but it shows you the values in realtime. So you can see which driver is the cause. You can download this tool from here: http://www.resplendence.com/downloads

If the NDIS.sys driver is shown as possible cause, check your (W)LAN drivers for updates. For usbport.sys, check your chipset and USB device drivers for updates. If you see ACPI/HAL you may run into power saving feature issues. So update the BIOS and change the Power Plan in Windows.

To see which driver versions you use run this command:

xperf -I DPC_Interrupt.etl -a fileversion > fileversion.txt

Now open the fileversion.txt and look for the driver version you use. Do a Bing/Google search to see if you can find updated drivers.

If you see UNKNOWN as cause you run drivers which use dynamic code. 1 known driver which uses such dynamic code is the DuplexSecure SPTD driver which is used in tools like DAEMON-Tools. If you see the UNKNOWN as a possible cause look if you have the SPTD driver installed. If yes, download the latest installer, run the installer and select "Uninstall" and reboot. Now run the xperf commands again and look if you see the real driver.

Ok, I hope this helps you to determine which driver is causing high DPC, interrupt usage and spikes which cause sound glitches.

ATTENTION: The guide only works if you use a HDD (NOT a SSD!).

To get started you need the Windows Performance Tools Kit. Read here how to install it: http://www.msfn.org/board/index.php?showtopic=146919

If you are a Windows 7 User: Make sure that EnablePrefetcher and EnableSuperfetch registry settings are set to 3 and that the Superfetch service (sysmain) is running and set to start automatically. Also install those Windows 7 hotfixes: http://www.msfn.org/board/index.php?showtopic=152622

If you are a Windows Vista User: Make sure that EnablePrefetcher and EnableSuperfetch registry settings are set to 3 and the ReadyBoost service and that the Superfetch service (sysmain) are both running and set to start automatically.

Now open a command prompt with admin rights ( http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token ) and run the following command:

xbootmgr -trace boot -prepSystem -verboseReadyBoot

Now your PC will be restarted 6 times. After the second reboot the MS defragmentation program is running and is placing the files into an optimized layout, so that Windows will boot up faster (for the description read what ReadyBoot is). The last reboots are training of ReadyBoot. After the training is finished, you'll notice a huge improvement in startup.

Note! DON'T USE OTHER DEFRAGMENTATION PROGRAMS AFTER THE OPTIMIZATION, USE ONLY THE INCLUDED MS TOOL, BECAUSE EVERY TOOL PLACES THE FILES AT A DIFFERENT OFFSET ON YOUR HDD, BECAUSE ALL TOOLS THINK THEY KNOW IT BETTER!

Background:

With Windows XP, MS implemented a prefetcher which loads data into the RAM, when the CPU was busy, starting services, drivers, so that they are already loaded when they are needed in later stages of the boot process. With Vista, MS improved this prefetcher and named it ReadyBoot:

Source: http://technet.microsoft.com/en-us/magazin...el.aspx?pr=blog

If you remember XP days, there was a tool called BootVis. The optimization is similar to this here, but the difference is that it only starts the integrated MS defragmentation program for a better HDD layout, because XP doesn't have ReadyBoot.

To see the improvement in time, run those 2 commands:

xperf -i bootPrep_BASE+CSWITCH_1.etl -o 01_summary_start.xml -a boot

xperf -i boot_BASE+CSWITCH_1.etl -o 02_summary_end.xml -a boot

To determine the boot time, open the XML files and look at the value bootDoneViaPostBoot. This value (-10000 = 10 seconds) shows you the time which Windows needs to boot completely. In the file 02_summary_end.xml it should be much lower.

I hope this small tutorial helps you to make your Windows start faster.

This is an updated tutorial of my Windows 7 here.

To get started you need the Windows Performance Tools Kit. Read here how to install it: http://www.msfn.org/board/index.php?showtopic=146919

Now open a command prompt with admin rights and run the following commands:

For boot tracing:

xbootmgr -trace boot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

Note, in Windows 8 it is safe to use the DRIVERS flag, the Windows 7 bug is fixed in Windows 8.

For shutdown tracing:

xbootmgr -trace shutdown -noPrepReboot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

For Standby+Resume:

xbootmgr -trace standby -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

For Hibernate+Resume:

xbootmgr -trace hibernate -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

Replace C:\TEMP with any temp directory on your machine as necessary to store the output files.

All of these will shutdown, hibernate, or standby your box, and then reboot to finish tracing. After you login to your PC, the new start screen is shown and you have to click to the desktop to see the countdown timer. Again, wait until the timer finishes. After you did this you should now have some tracing files in C:\TEMP.

Analyses of the boot trace:

To start, create a summary xml file. Run this command (replace the name with the name of your etl file):

xperf /tti -i boot_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_boot.xml -a boot

Now you see this picture:

You have to look at the timing node. All time values are in ms. The value timing bootDoneViaExplorer shows the time Windows needs to boot to the desktop. The value bootDoneViaPostBoot is the time (+10s idle detection) which Windows needs to boot completely after finishing all startup applications. Those values show you a summary.

The MainPathBoot Phase

PreSMSS Subphase

So if the time takes too long for you, look inside the <PNP> node which driver is loading too slowly.

SMSSInit Subphase

So if the SMSSInit Phase takes too long, try to get a graphic card driver update.

WinLogonInit Subphase

If you have too long WinLogonInit Time, open the etl file and scroll to the service graph and look for a long delay. In this example the service SavService (Sophos Anti-Virus\SavService.exe) is part of the Plug and Play group and causes a delay because the service takes too long to start. Try to get an update for the hanging service or remove the software.

ExplorerInit Subphase

So if the ExplorerInit phase takes too long, make sure you minimize the services which use a lot of CPU power and make sure your AV Tool doesn't hurt too much. If it doesn't, change the tool and try a different one.

The PostBoot Phase

If post boot takes too long, reduce the number of running applications at startup with the help of msconfig.exe or AutoRuns.

If possible, you should always use the new Fast Startup / Hybrid Boot of Windows 8. At the end of this guide you'll learn how to analyze this new mode.

Analyses of the shutdown trace:

The shutdown is divided into these 3 parts:

To generate an XML summary of shutdown, use the -a shutdown action with Xperf:

xperf /tti -i shutdown_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_shutdown.xml -a shutdown

Open the XML and you see this:

It shows you the most relevant data.

<timing shutdownTime="23184" servicesShutdownDuration="1513">

The shutdownTime is in this example 23s. Stopping the services takes 1.5s which is fast. Next you have an entry for all sessions. Starting with Vista, all services run in Session 0 (Session 0 Isolation) and each user gets his own Session (1,2,..,n).

<sessionShutdown sessionID="1" duration="3321">

shows the time which it takes to stop all applications which the user is running. In this example it takes 3.3 seconds.

UserSession Phase

<sessionShutdown sessionID="0" duration="1513">

The value sessionShutdown sessionID="0" shows the servicesShutdownDuration. So you can see which service takes too long to stop.

SystemSession Phase

In both cases expand the node and look at the shutdownDuration value. It helps you to identify a hanging application or service.

KernelShutdown Phase

To calculate the time spent in KernelShutdown, subtract the time that is required to shut down the system and user sessions from shutdownTime.

In my example: KernelShutdown = 23184 - 3321 - 1513 = 18350

In this case the 18.35 seconds are very slow. In the <interval> you see an entry ZeroHiberFile which takes too long. In this example the user set the option ClearPageFileAtShutdown under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management to 1. This overwrites the hibernation file with 0 to delete personal data. This causes the huge slowdown. Setting this option to 0 would save 12.64 seconds of shutdown time.

That is all you need to analyze slow shutdown issues.

Analyses of the Hibernation trace:

To generate the XML, run this command:

xperf /tti -i hibernate_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_hibernation.xml -a suspend

Analyses of the Sleep/Resume trace:

xperf /tti -i standby_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_sleep.xml -a suspend

Open the XMLs and look for long BIOS init times and services/applications which take very long to suspend and resume.

Windows 8 includes a new boot mode called Fast Startup or Hybrid Boot. If this boot mode is slow, you have to run this command to trace the slowness:

xbootmgr -trace fastStartup -noPrepReboot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

I've already explained how this mode works. First Windows shuts down the users, next Windows hibernates the kernel with all drivers and the services. Next the PC shuts down. Now Windows boots again, reads the hibernation file and resumes all services and drivers and next you go to the Logon screen.

So we now need to view all 3 actions. So first look if the closing of apps and logging off the users takes too long. Create the shutdown XML with this command:

xperf -i fastStartup_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_shutdown.xml -a shutdown

Open it and you'll see this:

Note that the file only shows the logoff of the user sessions. Here check which programs take long to close. The FlushVolume is writing open files/cache to the HDD.

Next, we must look if the hibernation is slow. To generate the XML run this:

xperf -i fastStartup_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_hibernation.xml -a suspend

Open it and you'll see this:

Now the same applies like Hibernation. Look which services or drivers take a long time to suspend. Also note that those values are in µs!

If those 2 steps are fine, we must look at the new Startup. To generate the XML run this:

xperf -i fastStartup_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_Boot.xml -a boot

Open it and you'll see this:

When you compare it to the normal boot, you see some differences. The PreSMSS and SMSSInit Subphases are gone. This is replaced with SystemResume. If this takes a very long time, open again the summary_hibernation.xml and look for devices or services which take a long time to resume.

The rest of the boot is the same like the normal boot. If WinLogonInit is long, check the Group Policies and if you're restoring network connections. And if PostExplorerPeriod is long, you also start too many desktop programs or your new Windows 8 apps take too long to load the data to show in the live tiles.

I hope this helps you to fix your performance issues with Windows 8.

The pictures Shutdown_cancel.png, Shutdown_picture.png and Boot_MainPathBoot.png were taken from this Windows On/Off Transition Performance Analysis Guide. Read it if you need more information.

When making a right click on the Explorer and selecting "Run as administrator", it doesn't start the Windows Explorer with admin rights. The Windows Vista/7 Explorer includes a special function to block such requests. To disable it, start regedit.exe and go to the following key:

HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}

Make a right click on Permissions and set your user as owner of the key and give your current user writing permissions. Next, delete or rename the value RunAs. Now the Elevated-Unelevated Explorer Factory is disabled and you can start the Explorer with admin rights. This helps you delete files for which you need admin rights. Have fun

I haven't insulted you. I simply wrote the truth. You have NO knowledge and troll around. I haven't had 1 UAC prompt today, so UAC is no issue at all during normal work and instead of understanding it you bash about this feature. I'll put you on my ignore list, so that I don't need to read your crap any longer *facepalm*

I can see the 40s delay in the Wait data. rpcrt4.dll!Invoke calls sspisrv.dll!SspirLogonUser and later lsasrv.dll!NegLogonUserEx2 and wait for a response of lsass.exe. The lsass.exe checks some registry keys if you have the system configured to automatically logon with a username/password (authui.dll!CAutoLogon::IsAutoLogonMode, authui.dll!CAutoLogon::GetAutoLogonCredential, kernel32.dll!RegCreateKeyExW). Do you have this configured? If yes, disable it and enter your password on its own. Is it faster now?

WaitForLSM is slow (caused by the slow RpcSs start). Try this hotfix: https://support.microsoft.com/en-us/kb/2661001

If you still have the issue, run this command, here I capture wait data:

xbootmgr -trace boot -traceFlags BASE+LATENCY+DISK_IO_INIT+DISPATCHER+FILE_IO+FILENAME+POWER -stackwalk profile+CSwitch+ReadyThread+DiskReadInit+DiskWriteInit -resultPath C:\TEMP

Also please compress the ETL file as 7z/RAR to reduce the size.